If time tracking is activated in JIRA and a user has the rights to browse a certain project, there is no way in JIRA to restrict access to time tracking information, i.e. time logged with all description details as well as work estimates and remaining estimates will be visible to a user who has access to issues. Even though you can restrict the right to log timework in JIRA, you can't prevent users from seeing time tracking information, and you can't restrict access to the fields "Original estimate" and "Remaining estimate" (these fields appear even of you do not grant the "work on issues" permission). This might be perfectly okay within a developper team, but probably is generating huge problems if you grant your customers access to a project. There is no proper solution for this as JIRA does not offer this level of permissions.
| Info |
|---|
If you want to dive deeper into the question of restricting access to time tracking on "field level", you might want to have a look at the following topics: http://jira.atlassian.com/browse/JRA-2364 and http://jira.atlassian.com/browse/JRA-27613. There is also a plugin that partly solves the issue (https://plugins.atlassian.com/23216), but this requires a JIRA core patch and still there is a way to get time tracking information if you know how. |
As we think that it is essential that you have at least some control on who can see time tracking information in JIRA, we have added a small workaround to ictime that helps you to at least superficially hide this information from your customers in some places. This is work in progress, as we did not yet find identify all places where time tracking solution appears.
| Table of Contents |
|---|
Deny Access Configuration
...
Restrictions
As mentioned above, JIRA does not have a "field-level-security" concept, so that it is impossible to configure JIRA to hide certain fields - like time tracking data - in case a user has the permission to access an issue. This means that all approaches to solve this can only be "dirty workarounds", as they can't solve the problem that JIRA will deliver the data from the backend.
| Warning |
|---|
Our workaround only removes data on the frontend. It is not difficult to get the data with respective tools or by deactivating JavaScript. However, we consider this solution still much better than simply displaying all data everywhere to everyone. Most customers have neither knowledge nor time or motivation to hack play around with JIRA to get access to time tracking information (they might not even know that you track time via JIRA). |
Configuration
Go to
ictime -> Configuration -> Permissions -> JIRA
You have the following configuration options:
Permissions are set on group level. You can select as many existing groups as you need. Just click on the group icon and choose the groups:
Once chosen the groups, please click an the "Add" button to save your selection. The groups will be listed in the "Assigned" column of the interface.
To delete groups, use the respective link:
Permissions
| Note |
|---|
You are denying access! By default, according to the non-existing JIRA permissions, all users with browse project permissions can see all information specified below. |
| Permission | Description | Remarks | ||
|---|---|---|---|---|
| Tab Permissions (View Issue Screen) | Deny access to the tabs "All", "Work Log" , "Activityand ", "History", " Activity Stream" on the view issue screen. All these tabs contain time tracking information. Deny access to the Activity Stream on the project summary screen. | The activity stream can also be available as gadget on dashboards; see note below. | Webpanel Permissions | |
| Time Tracking Webpanel Permissions (View Issue Screen) | Deny access to Webpanels; this is the "Time Tracking" panel in the right column of the view issue screen. |
| Note |
|---|
You are denying access in this interface! By default, according to the non-existing JIRA permissions, all users with browse project permissions can see all information specified below. |
| Note |
|---|
The Activity Stream gadget for dashboards will also display time tracking information. As there is no way from preventing users with browse project rights to create own dashboards and to add any gadget they want, you can only take away this gadget from the system dashboard and hope that your clients have better things to do than adding new dashboards with the Activity Stream Gadget. We are looking for a solution for this, too. |
Permissions are set on group level. You can select as many existing groups as you need. Just click on the group icon and choose the groups:
Once chosen the groups, please click an the "Add" button to save your selection. The groups will be listed in the "Assigned" column of the interface.
To delete groups, use the respective link:
...
Create, Edit & Transition Issue Permissions | Deny access to original and remaining estimate data on create/edit issue and some transition screens. | |
General Time Tracking Permissions (all over JIRA)
| Deny access to time tracking related columns on issue navigator screens (also for gadgets that display issue lists), eliminate time tracking related data from activity streams on issue, project and dashboard level (all descriptions and times), deny access to time tracking related reports on project level. |